Government Memo Warned of High Security Risk at Health Care Website
An internal government memo written just days before the start of open enrollment for Obamacare warned of a "high" security risk because of a lack of testing of the HealthCare.gov website.
"Due to system readiness issues, the SCA (security control assessment) was only partly completed," said the internal memo from the Center for Medicare and Medicaid Services. "This constitutes a risk that must be accepted and mitigated to support the Marketplace Day 1 operations."
The memo, which was provided in response to a request from the House Oversight Committee, goes on to explain that CMS would create a "dedicated security team" to monitor the risk, conduct weekly scans and within 60 to 90 days after the website went live, "conduct a full-scale SCA test," reported CNN.
The memo did not detail the security concerns, said CNN. It was written by IT officials at CMS, and was sent to and signed by the agency's director, Marilyn Tavenner, who testified on Capitol Hill on that she thought the website was ready to go when it began its crash-riddled rollout on October 1.
Rep. Mike Rogers, R-Michigan said the system should have been more thoroughly vetted, since it asks purchasers of health insurance to provide personal information, CNN said.
"You accepted a risk on behalf of every person that used this computer that put their personal and financial information at risk because you did not even have the most basic 'end-to-end' test on security of this system," Rep. Rogers said. "Amazon would never do this. ProFlowers would never do this. Kayak would never do this," he said.